OAuth 2.0 and OpenID Connect implementation.
This module implements the following RFCs and specifications:
§OAuth 2.0 Core
- RFC 6749 — OAuth 2.0 Authorization Framework
  - §3.1 — Authorization Endpoint (/authorize)
  - §3.2 — Token Endpoint (/token)
§OAuth 2.0 Extensions
- RFC 7009 — OAuth 2.0 Token Revocation (/revoke)
- RFC 7636 — Proof Key for Code Exchange (PKCE)
- RFC 7662 — OAuth 2.0 Token Introspection (/introspect)
- RFC 8414 — OAuth 2.0 Authorization Server Metadata (/.well-known/openid-configuration)
- RFC 9449 — OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)
§JSON Web Token (JWT)
- RFC 7517 — JSON Web Key (JWK) (/jwks.json)
§OpenID Connect
- OpenID Connect Core 1.0
  - §3 — Authorization Endpoint (/authorize)
  - §3.1.3 — Token Endpoint (/token)
  - §5.3 — UserInfo Endpoint (/userinfo)
  - §10 — JWKS endpoint for key discovery (/jwks.json) — Note: currently exposes a single key; key rotation is not implemented
- OpenID Connect Discovery 1.0 (/.well-known/openid-configuration)
Functions§
- _add_routes
- authorize — Handles the /authorize endpoint for OAuth 2.0 and OpenID Connect with PKCE support.